Differential Collisions in SHA-0
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Related-Key Cryptanalysis of the Full AES-192 and AES-256
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Provably good codes for hash function design
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Another look at complementation properties
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Merkle-Damgård revisited: how to construct a hash function
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Differential and linear cryptanalysis using mixed-integer linear programming
Inscrypt'11 Proceedings of the 7th international conference on Information Security and Cryptology
Hi-index | 0.00 |
This paper provides three important contributions to the security analysis of SIMD. First, we show a new free-start distinguisher based on symmetry relations. It allows to distinguish the compression function of SIMD from a random function with a single evaluation. Then, we show that a class of free-start distinguishers is not a threat to wide-pipe hash functions. In particular, this means that our distinguisher has a minimal impact on the security of the SIMD hash function. Intuitively, the reason why this distinguisher does not weaken the function is that getting into a symmetric state is about as hard as finding a preimage. Finally, we study differential path in SIMD, and give an upper bound on the probability of related key differential paths. Our bound is in the order of 2-n/2 using very weak assumptions.